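<?php
// Session bootstrap and access guard for the profile page.
// Both session_start() (session cookie) and header() need to run before any
// output is sent. This block therefore sits ahead of the DOCTYPE, and nothing,
// not even a byte-order mark, may precede the opening tag. With markup emitted
// first, the redirect only works when output buffering happens to be enabled.
session_start();
if (!isset($_SESSION["id"])) {
    // No signed-in user: send the visitor to the entry page and stop, so none
    // of the profile logic or markup below runs for an anonymous request.
    header("Location: index.php");
    exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>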
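<?php
// Profile controller: applies a submitted update to the signed-in user's row,
// then loads that row into $email/$title/$fName/$lName/$phone for the form below.
// $msg carries the status text shown to the user (empty when there is nothing to report).
include("siteName.php");
$msg = "";
// $dbHost, $dbUser, $dbPass, $dbDB and $tableUsers are not defined in this page;
// presumably dbInc.php supplies them - confirm.
require("dbInc.php");
$mysqliObj = new mysqli($dbHost, $dbUser, $dbPass, $dbDB);

// The id is assumed to be numeric (TODO confirm against the users table). It is
// cast once and bound as an integer parameter, so it never becomes part of the SQL text.
$userId = (int) $_SESSION["id"];

// NOTE(review): the update is accepted on the strength of the session alone; no
// anti-CSRF token is checked anywhere in this page.
if (isset($_POST["btnUpdate"])) {
    // Read each expected field defensively: a missing or non-string value
    // (for example an array parameter) is treated as an empty string.
    $fields = array(
        "txtEmail" => "",
        "selTitle" => "",
        "txtFName" => "",
        "txtLName" => "",
        "txtPhone" => "",
    );
    foreach ($fields as $fieldName => $unused) {
        if (isset($_POST[$fieldName]) && is_string($_POST[$fieldName])) {
            $fields[$fieldName] = $_POST[$fieldName];
        }
    }
    $newEmail = $fields["txtEmail"];
    $newTitle = $fields["selTitle"];
    $newFName = $fields["txtFName"];
    $newLName = $fields["txtLName"];
    $newPhone = $fields["txtPhone"];

    if (filter_var($newEmail, FILTER_VALIDATE_EMAIL)) {
        // Check that the address is not already used by a different profile.
        // Only the table name is formatted into the statement (identifiers cannot
        // be bound); every value travels as a bound parameter.
        $emailTaken = null; // null means the lookup itself failed
        $stmt = $mysqliObj->prepare(
            sprintf("select id from %s where vEmail = ? and id <> ?;", $tableUsers)
        );
        if ($stmt) {
            $stmt->bind_param("si", $newEmail, $userId);
            if ($stmt->execute()) {
                $stmt->store_result(); // num_rows is only populated after buffering
                $emailTaken = ($stmt->num_rows > 0);
            }
            $stmt->close();
        }

        if ($emailTaken === false) {
            // The WHERE clause restricts the write to the signed-in user's row;
            // without it the statement would overwrite every row in the table.
            $updated = false;
            $stmt = $mysqliObj->prepare(
                sprintf(
                    "update %s set vEmail = ?, vTitle = ?, vFirstName = ?, vLastName = ?, vPhone = ? where id = ?;",
                    $tableUsers
                )
            );
            if ($stmt) {
                $stmt->bind_param("sssssi", $newEmail, $newTitle, $newFName, $newLName, $newPhone, $userId);
                $updated = $stmt->execute();
                $stmt->close();
            }
            $msg = $updated
                ? "Your information has been updated."
                : "Your information could not be updated.";
        } elseif ($emailTaken) {
            $msg = "That e-mail address is already registered to another profile.";
        } else {
            $msg = "Your information could not be updated.";
        }
    } else {
        $msg = "You must enter a valid e-mail address";
    }//end of checking if valid email address
}//end of checking form submission

//load data to populate form with
$email = "";
$title = "";
$fName = "";
$lName = "";
$phone = "";
$profileFound = false;
$stmt = $mysqliObj->prepare(
    sprintf("select vEmail, vTitle, vFirstName, vLastName, vPhone from %s where id = ?;", $tableUsers)
);
if ($stmt) {
    $stmt->bind_param("i", $userId);
    if ($stmt->execute()) {
        $stmt->bind_result($email, $title, $fName, $lName, $phone);
        $profileFound = ($stmt->fetch() === true);
    }
    $stmt->close();
}
$mysqliObj->close();
if (!$profileFound) {
    // The session names a user with no profile row: send them to the login page
    // and stop, so the form is not rendered for them. Markup has already been
    // emitted above this block, so the Location header depends on output
    // buffering; exit() takes effect either way.
    header("Location: login.php");
    exit();
}//end of making sure profile data returned
?>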
<title><?php echo $siteName; ?> Profile information</title>
<link type="text/css" rel="stylesheet" href="styles.css" />
<?php
// Pulls in the shared helper file inside <head>; presumably it provides the
// validate_required()/validate_email() functions that the script below calls - confirm.
// NOTE(review): a ".inc" file is only kept private if the web server is set up to
// deny or interpret that extension; verify it cannot be fetched directly as text.
include "includefunctions.inc";
?>
<script type="text/javascript" language="javascript">
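/**
 * Browser-side convenience check run from the form's onsubmit handler.
 * Returns false (after focusing the offending field) to cancel the submit,
 * true to let it proceed.
 *
 * These checks run only in the browser and a request can be sent without them,
 * so anything the server relies on must be checked again there. In this page
 * the PHP handler re-validates the e-mail format only.
 *
 * validate_required() and validate_email() are defined outside this page.
 * Fields are read explicitly from theForm rather than through a `with` block,
 * which is rejected in strict mode and makes name lookups ambiguous.
 */
function validateForm(theForm) {
    var emailField = theForm.txtEmail;
    var firstNameField = theForm.txtFName;
    var lastNameField = theForm.txtLName;

    if (validate_required(emailField, "You must enter an e-mail address") == false) {
        emailField.focus();
        return false;
    }
    if (validate_email(emailField, "You must enter a valid e-mail address") == false) {
        emailField.focus();
        return false;
    }
    if (validate_required(firstNameField, "You must enter a first name") == false) {
        firstNameField.focus();
        return false;
    }
    if (validate_required(lastNameField, "You must enter a last name") == false) {
        lastNameField.focus();
        return false;
    }
    return true;
}//end of validateForm function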

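// Shows the server-side status message, if any, in an alert when the page loads.
// The value is written as a JSON-encoded JavaScript string literal with <, >, &
// and quotes hex-escaped, so a message containing quotes, newlines or markup
// cannot terminate the string or the enclosing script element.
function checkMsg() {
    var msg = <?php echo json_encode((string) $msg, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
    if (msg.length > 0) {
        alert(msg);
    }
}//end of checkMsg function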
</script>
</head>
<body onload="checkMsg();">
<iframe name="logoFrame" id="logoFrame" src="logo.htm" border="0" height="120" align="top" frameborder="0" marginheight="0" width="100%" scrolling="no">
<a href="http://www.blindza.co.za/" target="_blank">
<img src="logo/blindza_logo_smaller46.jpg" alt="blindZA.co.za logo - white text on black background, with white border - and red braille version hovering in front of normal text" width="317" height="103" border="0" />
</a>
</iframe>
<a href="index.php">Back to entry page</a>
<h2><?php echo $siteName; ?> Profile information</h2>
<p>In order to make use of the shopping facilities on this site, you should fill out the relevant information below - all fields marked with a * are required</p>
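<?php
// In-page copy of the status message (the onload alert shows the same text).
// Escaped for the HTML context so that a message which later embeds request or
// database data cannot inject markup.
if (strlen($msg) > 0) {
    echo "<p class='error'>" . htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</p>\n";
}
?>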
<form action="profile.php" method="post" enctype="multipart/form-data" onsubmit="return validateForm(this);">
<table align="center" border="0">
<tr>
<th align="right">e-Mail address *:</th>
<td>
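<input type="text" id="txtEmail" name="txtEmail" value="<?php /* stored profile value: escape for the attribute context */ echo htmlspecialchars((string) $email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" />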
</td>
</tr>
<tr>
<th align="right">Title:</th>
<td>
<select name="selTitle">
<?php
// Renders the title drop-down from a fixed list and marks the stored title as selected.
// $title (loaded from the user's row) is only compared here, never echoed; the
// values written into the markup all come from the constant list.
$titleArray = array("", "Mr.", "Mrs.", "Ms.", "Prof.", "Dr.");
foreach ($titleArray as $titleOption) {
    $selectedAttr = ($title == $titleOption) ? " selected" : "";
    echo "<option value='" . $titleOption . "'" . $selectedAttr . ">" . $titleOption . "</option>\n";
}
?>
</select>
</td>
</tr>
<tr>
<th align="right">First name *:</th>
<td>
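<input type="text" id="txtFName" name="txtFName" value="<?php /* stored profile value: escape for the attribute context */ echo htmlspecialchars((string) $fName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" />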
</td>
</tr>
<tr>
<th align="right">Last name *:</th>
<td>
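<input type="text" id="txtLName" name="txtLName" value="<?php /* stored profile value: escape for the attribute context */ echo htmlspecialchars((string) $lName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" />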
</td>
</tr>
<tr>
<th align="right">Phone number:</th>
<td>
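<input type="text" id="txtPhone" name="txtPhone" value="<?php /* stored profile value: escape for the attribute context */ echo htmlspecialchars((string) $phone, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" />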
</td>
</tr>
<tr>
<th align="center" colspan="2">
<input type="submit" name="btnUpdate" value="Update information" /><br />
<input type="reset" name="btnReset" value="Reset" />
</th>
</tr>
</table>
</form>
</body>
</html>
